
FernaoUbubtu

[Solved] Pages opening on their own

Hello everyone, I'm new to the forum... I normally use Mozilla Firefox; all of a sudden pages open on their own, advertisements in general, and in Internet Explorer too... I have already reset both browsers and deleted the cookies without success; I ran Malwarebytes, it found some problems and I cleaned up and deleted what was found... here is the HijackThis log, if you could please analyze it:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:03:10, on 21/10/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\E_S00RP1.EXE
C:\ARQUIV~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Java\jre7\bin\jqs.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\ARQUIV~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\ARQUIV~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\snmp.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\TUTO4PC\tuto4pc_br_6.exe
C:\Documents and Settings\PC101\Configurações locais\Dados de aplicativos\tuto4pc_br_6\uptt4pcbr6.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\PC101\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Arquivos de programas\Arquivos comuns\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Tutorials] "C:\Arquivos de programas\TUTO4PC\tuto4pc_br_6.exe"
O4 - HKLM\..\Run: [uptt4pcbr6.exe] C:\Documents and Settings\PC101\Configurações locais\Dados de aplicativos\tuto4pc_br_6\uptt4pcbr6.exe -runhelper
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{658057F0-E1CA-4AA7-912D-0C0EDECC1B1A}: NameServer = 200.204.0.10,200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\ARQUIV~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\ARQUIV~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\ARQUIV~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe

--
End of file - 9158 bytes


Thanks in advance!


Good afternoon FernaoUbubtu

Download OTL (...by Old_Timer) and save it to the Desktop

*Run it.

*Select:

Scan All Users
Skip Microsoft Files
LOP Check
Purity Check

*Paste the lines, in brown, in the box under Custom Scans/Fixes

%APPDATA%\*
%APPDATA%\*.*
%SystemDrive%\*.*
%USERPROFILE%\*
%USERPROFILE%\*.*
regedit /e c:\registrybackup.reg /c
netsvcs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes

*Click [Run Scan]

*When it finishes, the OTL.txt and Extras.txt reports will be created on the Desktop

Go to this link

*Click [select file]

*Locate the OTL.txt file on the Desktop and click [Open]

*Click [Envoyer le fichier]

*Paste the link created under Fichier envoyé avec succés! Copiez votre lien :

*Repeat the procedure for the Extras.txt report and paste the link


Download AdwCleaner (...by Xplode) and save it to the Desktop

*Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator

*Click [Delete]

*Paste the report shown

*Temporarily disable your antivirus

Download ComboFix (...by sUBs) and save it to the Desktop

*Run it.

*If the Microsoft Windows Recovery Console is not installed, accept its installation. Once the Console is installed, click [Yes].

*Accept the agreement

*Wait for the files to be extracted

*Wait for the stages to complete...it can take a while!

*Avoid using the mouse and keyboard. Do not use any other program until ComboFix finishes!

*Wait for it to finish and paste the report shown


Sorry for the delay... AdwCleaner ran normally; ComboFix reported that it was infected with ZeroAccess, which can't be, I had a problem with this rootkit a while ago. It took a long time to run, and when it got to the report stage it sat for more than three hours on the same screen, "Preparing the report", and never generated it... so I'm only sending the log from the first program, below:

 

# AdwCleaner v2.005 - Logfile created 10/22/2012 at 18:14:22
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : PC101 - PC100
# Boot Mode : Normal
# Running from : C:\Documents and Settings\PC101\Desktop\AdwCleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Arquivos de programas\Tuto4pc
Folder Found : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Tuto4pc

***** [Registry] *****

Key Found : HKCU\Software\BrowserMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Tutorials
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Key Found : HKU\S-1-5-21-1644491937-573735546-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Tutorials]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Opera v11.64.1403.0

File : C:\Documents and Settings\PC101\Dados de aplicativos\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [2659 octets] - [28/07/2012 00:32:33]
AdwCleaner[R1].txt - [5902 octets] - [17/09/2012 21:09:15]
AdwCleaner[s2].txt - [6479 octets] - [17/09/2012 21:09:53]
AdwCleaner[R2].txt - [1967 octets] - [22/10/2012 18:14:22]

########## EOF - C:\AdwCleaner[R2].txt - [2027 octets] ##########

 

Thanks in advance!


Read the AdwCleaner procedure carefully.

*I asked for [Delete], not [search]

Run OTL.

*Click [None]

*Paste the lines, in brown, in the box under Custom Scans/Fixes

/md5start
services.exe
/md5stop

*Click [Run Scan]

*Paste the report shown


Sorry for the slip... here are the reports:

 

# AdwCleaner v2.005 - Logfile created 10/22/2012 at 20:52:29
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : PC101 - PC100
# Boot Mode : Normal
# Running from : C:\Documents and Settings\PC101\Desktop\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Arquivos de programas\Tuto4pc
Folder Deleted : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Tuto4pc

***** [Registry] *****

Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Tutorials]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Opera v11.64.1403.0

File : C:\Documents and Settings\PC101\Dados de aplicativos\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [2659 octets] - [28/07/2012 00:32:33]
AdwCleaner[R1].txt - [5902 octets] - [17/09/2012 21:09:15]
AdwCleaner[s2].txt - [6479 octets] - [17/09/2012 21:09:53]
AdwCleaner[R2].txt - [2096 octets] - [22/10/2012 18:14:22]
AdwCleaner[s3].txt - [1900 octets] - [22/10/2012 20:52:29]

########## EOF - C:\AdwCleaner[s3].txt - [1960 octets] ##########

OTL:

OTL logfile created on: 22/10/2012 20:57:53 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\PC101\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

2,00 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 68,22% Memory free
3,85 Gb Paging File | 3,37 Gb Available in Paging File | 87,56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 48,83 Gb Total Space | 4,51 Gb Free Space | 9,24% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 11,46 Gb Free Space | 29,33% Space Free | Partition Type: NTFS
Drive E: | 9,77 Gb Total Space | 1,06 Gb Free Space | 10,81% Space Free | Partition Type: NTFS
Drive F: | 9,77 Gb Total Space | 0,74 Gb Free Space | 7,61% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 31,39 Gb Free Space | 64,28% Space Free | Partition Type: NTFS
Drive H: | 68,36 Gb Total Space | 2,99 Gb Free Space | 4,38% Space Free | Partition Type: NTFS
Drive I: | 19,53 Gb Total Space | 13,88 Gb Free Space | 71,06% Space Free | Partition Type: NTFS
Drive J: | 97,65 Gb Total Space | 32,69 Gb Free Space | 33,48% Space Free | Partition Type: NTFS
Drive K: | 26,31 Gb Total Space | 9,05 Gb Free Space | 34,42% Space Free | Partition Type: NTFS
Drive L: | 2,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 6,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Unable to calculate disk information.
Drive O: | 298,08 Gb Total Space | 221,75 Gb Free Space | 74,39% Space Free | Partition Type: NTFS
Drive P: | 97,65 Gb Total Space | 57,00 Gb Free Space | 58,36% Space Free | Partition Type: NTFS

Computer Name: PC100 | User Name: PC101 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: SERVICES.EXE >
[2009/02/09 09:17:04 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=38867483E0CB504BB8F277E05729881E -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009/02/09 08:08:21 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=96D7D86D3AA68A57BBE835441DC23107 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/09 08:08:21 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=96D7D86D3AA68A57BBE835441DC23107 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/09 08:08:21 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=96D7D86D3AA68A57BBE835441DC23107 -- C:\WINDOWS\system32\services.exe
[2009/02/09 09:25:05 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C52DEB6D8CD4B096BF1A9EC001F36507 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2004/08/04 01:45:42 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=CC73C4430C2FC27FDE16A0A4E3678148 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/06/27 12:45:12 | 000,593,920 | ---- | M] (Auto-Update) MD5=DA9276C6C5702AED5E574291065FB985 -- C:\Arquivos de programas\GTS DIGITAL\GTS Studio Recorder Pro\services.exe
[2009/02/09 07:53:30 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=E64296F1D45C776FAC6EE8F89EF3C303 -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2008/04/14 00:21:17 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=EE7999BAACA84CFAA03726E677EE2A33 -- C:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\services.exe

< End of report >

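The /md5start check requested above lists every copy of services.exe that OTL can find, with its hash, so that the live copy in system32 can be compared against the SFC cache (dllcache) and the hotfix backups Windows keeps. As an added example that is not part of this thread or of OTL, the Python script below parses such a block and flags a live copy whose hash differs from the dllcache copy; the sample report, its hashes and the vendor path are constructed placeholders, not values from the machine above.

```python
import re

# Constructed sample modelled on an OTL "/md5start services.exe /md5stop" custom
# scan. The hashes and the vendor path are placeholders, not observed values.
CLEAN_SAMPLE = r"""
< MD5 for: SERVICES.EXE >
[2009/02/09 08:08:21 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/09 08:08:21 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\system32\services.exe
[2009/02/09 09:17:04 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=CAFEBABECAFEBABECAFEBABECAFEBABE -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009/06/27 12:45:12 | 000,593,920 | ---- | M] (Auto-Update) MD5=0BADF00D0BADF00D0BADF00D0BADF00D -- C:\Program Files\SomeVendor\services.exe
< End of report >
"""

# Constructed variant: the live copy no longer matches the SFC cache copy that
# carries the same timestamp, which is the trace a patched system binary leaves.
TAMPERED_SAMPLE = r"""
< MD5 for: SERVICES.EXE >
[2009/02/09 08:08:21 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/09 08:08:21 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=FEEDFACEFEEDFACEFEEDFACEFEEDFACE -- C:\WINDOWS\system32\services.exe
[2009/02/09 09:17:04 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=CAFEBABECAFEBABECAFEBABECAFEBABE -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
< End of report >
"""

# One OTL hash line: [mtime | size | attrs | kind] (company) MD5=hash -- path
LINE_RE = re.compile(
    r"^\[(?P<mtime>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<kind>\S+)\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def parse_md5_block(text):
    """Return one dict per hash line of an OTL MD5 custom-scan block."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, blank lines and "< End of report >"
        entry = m.groupdict()
        entry["size"] = int(entry["size"].replace(",", ""))
        entry["md5"] = entry["md5"].upper()
        entries.append(entry)
    return entries


def assess(entries, live_path=r"C:\WINDOWS\system32\services.exe"):
    """Compare the live binary with its reference copies and list anomalies.

    The SFC cache (dllcache), ERDNT backups and hotfix folders ($hf_mig$,
    $NtUninstall*) are written by Windows itself, so a live copy that matches
    none of them, or that differs from the dllcache copy carrying the same
    timestamp, should be pulled for analysis. The heuristic alone does not
    prove infection; a newer hotfix can legitimately change the live file.
    """
    result = {"live_md5": None, "matches_dllcache": False, "findings": []}
    live = next((e for e in entries if e["path"].lower() == live_path.lower()), None)
    if live is None:
        result["findings"].append("live copy not present in report")
        return result
    result["live_md5"] = live["md5"]
    if live["company"] != "Microsoft Corporation":
        result["findings"].append(f"live copy reports company '{live['company']}'")

    dllcache = [e for e in entries if "\\system32\\dllcache\\" in e["path"].lower()]
    if not dllcache:
        result["findings"].append("no dllcache copy to compare against")
    else:
        ref = dllcache[0]
        result["matches_dllcache"] = ref["md5"] == live["md5"]
        if not result["matches_dllcache"]:
            result["findings"].append(
                f"live MD5 {live['md5']} differs from the dllcache copy ({ref['md5']})")
        if ref["mtime"] == live["mtime"] and ref["size"] != live["size"]:
            result["findings"].append("same timestamp as dllcache copy but different size")

    # Copies under the Windows directory other than the live file itself.
    win_refs = [e for e in entries if e is not live and "\\windows\\" in e["path"].lower()]
    if win_refs and all(e["md5"] != live["md5"] for e in win_refs):
        result["findings"].append("live MD5 matches no copy under the Windows directory")
    return result


if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_SAMPLE), ("tampered", TAMPERED_SAMPLE)):
        print(name, assess(parse_md5_block(sample)))
```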

Run OTL

*Paste the lines in blue in the box under Custom Scans/Fixes

:Files
C:\WINDOWS\$NtUninstallKB48594$
ipconfig /flushdns /c

:Commands
[emptytemp]

*Click [Run Fix]

*Click [OK] to restart the PC

*Paste the report shown


Here is the latest report:

 

 

All processes killed
========== FILES ==========
C:\WINDOWS\$NtUninstallKB48594$\4089950698\U folder moved successfully.
C:\WINDOWS\$NtUninstallKB48594$\4089950698\L folder moved successfully.
C:\WINDOWS\$NtUninstallKB48594$\4089950698 folder moved successfully.
C:\WINDOWS\$NtUninstallKB48594$ folder moved successfully.
< ipconfig /flushdns /c >
Configuração de IP do Windows
Liberação do cache do DNS Resolver bem-sucedida.
C:\Documents and Settings\PC101\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\PC101\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.AUTORIDADE NT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.AUTORIDADE NT.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.AUTORIDADE NT.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.AUTORIDADE NT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.AUTORIDADE NT.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.AUTORIDADE NT.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: PC101
->Temp folder emptied: 77384721 bytes
->Temporary Internet Files folder emptied: 2663295 bytes
->Java cache emptied: 51854 bytes
->FireFox cache emptied: 115725257 bytes
->Google Chrome cache emptied: 175775770 bytes
->Apple Safari cache emptied: 13433856 bytes
->Opera cache emptied: 9658919 bytes
->Flash cache emptied: 38726 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65536 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 377,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 10222012_214523

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_648.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OK...

Delete ComboFix, download it again and see if you can run it.


Now it ran normally, the pages no longer open and ZeroAccess was not reported anymore!

Here is the log:

 

ComboFix 12-10-22.03 - PC101 23/10/2012 1:46.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2046.1491 [GMT -2:00]
Executando de: c:\documents and settings\PC101\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\run.vbs
.
A cópia de c:\windows\system32\ntdll.dll foi encontrada e desinfectada
Cópia restaurada de - c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NVSVC
-------\Service_NVSvc
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-09-23 to 2012-10-23 ))))))))))))))))))))))))))))
.
.
2012-10-23 03:33 . 2012-10-23 03:33 -------- d-----w- c:\documents and settings\PC101\Configurações locais\Dados de aplicativos\eMule
2012-10-23 03:33 . 2012-10-23 03:34 -------- d-----w- c:\arquivos de programas\DreaMule
2012-10-23 03:20 . 2012-08-21 08:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-23 03:20 . 2012-08-21 08:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-23 03:20 . 2012-08-21 08:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-23 03:20 . 2012-08-21 08:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-23 03:20 . 2012-08-21 08:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-23 03:20 . 2012-08-21 08:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-23 03:20 . 2012-08-21 08:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-23 03:20 . 2012-08-21 08:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-23 03:20 . 2012-08-21 08:12 41224 ----a-w- c:\windows\avastSS.scr
2012-10-23 03:20 . 2012-08-21 08:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-23 03:19 . 2012-10-23 03:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVAST Software
2012-10-23 03:19 . 2012-10-23 03:19 -------- d-----w- c:\arquivos de programas\AVAST Software
2012-10-22 23:45 . 2012-10-22 23:45 -------- d-----w- C:\_OTL
2012-10-22 23:42 . 2012-10-22 23:42 1295 ----a-w- c:\windows\TesteTempo.bat
2012-10-21 19:49 . 2012-10-21 19:49 105128918 ----a-w- C:\REGISTRYBACKUP.REG
2012-10-21 11:00 . 2012-10-21 11:00 -------- d-sh--w- c:\documents and settings\PC101\IECompatCache
2012-10-19 20:18 . 2012-10-19 20:20 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2012-10-19 20:18 . 2012-09-29 22:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-17 03:31 . 2012-10-17 03:31 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft
2012-10-17 03:31 . 2012-10-17 03:31 -------- d-----w- c:\arquivos de programas\DVDVideoSoft
2012-10-17 03:30 . 2012-10-17 03:31 -------- d-----w- c:\documents and settings\PC101\Dados de aplicativos\DVDVideoSoft
2012-10-17 03:01 . 2012-10-17 03:03 -------- d-----w- c:\arquivos de programas\CD Audio MP3 Converter
2012-10-17 03:01 . 2001-03-23 19:29 880912 ----a-w- c:\windows\WM8EUTIL.exe
2012-10-17 03:00 . 2012-10-23 02:51 -------- d-----w- c:\documents and settings\PC101\Configurações locais\Dados de aplicativos\tuto4pc_br_6
2012-10-11 18:04 . 2012-10-11 18:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee
2012-10-11 17:58 . 2012-10-11 17:58 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple
2012-10-11 17:58 . 2012-10-11 17:58 -------- d-----w- c:\arquivos de programas\Apple Software Update
2012-10-11 13:07 . 2012-10-11 13:07 -------- d-----w- c:\documents and settings\PC101\Configurações locais\Dados de aplicativos\Sun
2012-10-11 06:58 . 2012-10-11 13:10 -------- d-----w- c:\arquivos de programas\Digital Drums
2012-10-11 06:29 . 2012-10-11 06:29 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-11 06:29 . 2012-10-11 06:29 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-10 00:08 . 2008-12-23 23:10 380928 ----a-w- c:\windows\system32\actskin4.ocx
2012-10-10 00:08 . 2008-12-23 23:10 28672 ----a-w- c:\windows\system32\gFormTransp.ocx
2012-10-10 00:08 . 2008-12-23 23:10 102400 ----a-w- c:\windows\system32\ccrpprg6.ocx
2012-10-10 00:08 . 2008-11-28 15:32 1779632 ----a-w- c:\windows\system32\GTS_Controls.ocx
2012-10-10 00:08 . 2012-10-10 00:08 -------- d-----w- c:\arquivos de programas\GTS DIGITAL
2012-10-10 00:08 . 2008-12-23 23:10 364544 ----a-w- c:\windows\system32\AlphaImageControl.ocx
2012-10-02 09:08 . 2012-10-02 09:08 -------- d-----w- c:\arquivos de programas\Apoio
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 06:29 . 2012-08-07 08:59 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-11 06:29 . 2012-04-12 23:53 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-08 20:47 . 2012-03-30 18:54 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 20:47 . 2012-01-12 20:17 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-12 02:28 . 2012-10-12 02:28 261600 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2012-05-12 07:45 . E8F78F11945EE6F91408C99AF15143EA . 949104 . . [1403] . . c:\windows\ERDNT\cache\opera.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 08:12 121528 ----a-w- c:\arquivos de programas\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 210480]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2012-05-28 611712]
"OSSelectorReinstall"="c:\arquivos de programas\Arquivos comuns\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"avast"="c:\arquivos de programas\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 792216]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^PC101^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]
backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2012-04-21 19:39 1884160 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\ARQUIV~1\\ARQUIV~1\\INSTAL~1\\Driver\\9\\INTEL3~1\\IDriver.exe"=
"c:\\Arquivos de programas\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\WinRAR\\uninstall.exe"=
"k:\\Backup's e Progs\\Progs necessários\\Nero-7.10.1.2\\keygen.exe"=
"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\SEGA\\Beijing 2008\\Beijing.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GrooveMonitor.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMIndexStoreSvr.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMBgMonitor.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\WINWORD.EXE"=

"c:\\WINDOWS\\NIRCMD.exe"=

"c:\\WINDOWS\\system32\\dumprep.exe"=

"c:\\WINDOWS\\system32\\wuauclt.exe"=

"c:\\Arquivos de programas\\FreeTime\\FormatFactory\\FormatFactory.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\plugin-container.exe"=

"c:\\WINDOWS\\SkyTel.EXE"=

"c:\\Arquivos de programas\\KONAMI\\Winning Eleven 2007\\WE2007.exe"=

"c:\\WINDOWS\\system32\\drwtsn32.exe"=

"c:\\Arquivos de programas\\Opera\\opera.exe"=

"c:\\Arquivos de programas\\Opera Next\\pluginwrapper\\opera_plugin_wrapper.exe"=

"c:\\Arquivos de programas\\Opera Next\\opera.exe"=

"c:\\Arquivos de programas\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe"=

"c:\\Arquivos de programas\\Quake III Arena\\quake3.exe"=

"c:\\WINDOWS\\system32\\taskmgr.exe"=

"c:\\Arquivos de programas\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Java\\Java Update\\jusched.exe"=

"c:\\Arquivos de programas\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTEM.EXE"=

"c:\\Arquivos de programas\\FreeTime\\FormatFactory\\FFModules\\mencoder.exe"=

"c:\\Documents and Settings\\PC101\\Configurações locais\\Dados de aplicativos\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe"=

"c:\\Arquivos de programas\\VS Revo Group\\Revo Uninstaller\\Revouninstaller.exe"=

"c:\\WINDOWS\\system32\\dwwin.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Arquivos de programas\\Digital Drums\\DigitalDrums.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Apple\\Apple Application Support\\APSDaemon.exe"=

"c:\\Arquivos de programas\\Malwarebytes' Anti-Malware\\mbamgui.exe"=

"c:\\Documents and Settings\\PC101\\Desktop\\OTL.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Java\\Java Update\\jucheck.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3696:TCP"= 3696:TCP:tiwwlibe

.

R0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [28/8/2012 21:13 54912]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/1/2012 01:38 642560]

R1 360FileOem;360FileOem;c:\windows\system32\drivers\360FileOem.sys [28/8/2012 21:13 146304]

R1 360RegOem;360RegOem;c:\windows\system32\drivers\360RegOem.sys [28/8/2012 21:13 23168]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23/10/2012 01:20 729752]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/10/2012 01:20 355632]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [12/1/2012 17:52 13696]

R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [27/8/2012 12:24 181120]

R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [27/8/2012 12:24 51072]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/10/2012 01:20 21256]

R2 MBAMScheduler;MBAMScheduler;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [19/10/2012 18:18 399432]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19/10/2012 18:18 22856]

R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [17/3/2012 22:16 223128]

S1 ctredr15.sys;ctredr15.sys; [x]

S2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [19/10/2012 18:18 676936]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/3/2012 16:54 250808]

S3 WMI_MFC_TPSHOKER_80;WMI_MFC_TPSHOKER_80; [x]

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - ASWSNX

*NewlyCreated* - AVAST!_ANTIVIRUS

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 20:47]

.

2012-10-23 c:\windows\Tasks\avast! Emergency Update.job

- c:\arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-23 08:12]

.

.

------- Scan Suplementar -------

.

uStart Page = https://correio.connectcom.com.br/exchweb/bin/auth/owalogon.asp?url=https://correio.connectcom.com.br/exchange/&reason=1

TCP: DhcpNameServer = 200.204.0.10 200.204.0.138

TCP: Interfaces\{658057F0-E1CA-4AA7-912D-0C0EDECC1B1A}: NameServer = 200.204.0.10,200.204.0.138

FF - ProfilePath - c:\documents and settings\PC101\Dados de aplicativos\Mozilla\Firefox\Profiles\lpwptk2y.default\

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - user.js: extensions.BabylonToolbar_i.id - 544d90f100000000000000e04d9e1a4e

FF - user.js: extensions.BabylonToolbar_i.hardId - 544d90f100000000000000e04d9e1a4e

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15536

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtD0EtDyE0Dzy0EtC0AyE0EzytD0FtCtN0D0Tzu0StByEtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=683429118

FF - user.js: extensions.funmoods.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtD0EtDyE0Dzy0EtC0AyE0EzytD0FtCtN0D0Tzu0StByEtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=683429118

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtD0EtDyE0Dzy0EtC0AyE0EzytD0FtCtN0D0Tzu0StByEtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=683429118&q=

FF - user.js: extensions.funmoods.id - 00E04D9E1A4E90F1

FF - user.js: extensions.funmoods.instlDay - 15580

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2220:9:48

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - ironpub

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - ironpub

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

FF - user.js: extensions.BabylonToolbar.autoRvrt - false

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=544d90f100000000000000e04d9e1a4e&q=

FF - user.js: extensions.BabylonToolbar.id - 544d90f100000000000000e04d9e1a4e

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15600

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1218:45

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110195&tt=120912_pcp_3812_6

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Toolbar-Locked - (no file)

MSConfigStartUp-lxdnmon - (no file)

AddRemove-Ink Monitor - c:\arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-10-23 01:55

Windows 5.1.2600 Service Pack 2 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

.

c:\windows\TEMP\_asw_aisI.tm~a01848

c:\windows\TEMP\_asw_aisI.tm~a01848\onefile 0 bytes

c:\windows\TEMP\_asw_aisI.tm~a01848\setup.lok 0 bytes

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 3

.

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'winlogon.exe'(1032)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

- - - - - - - > 'explorer.exe'(2760)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\arquivos de programas\AVAST Software\Avast\AvastSvc.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\E_S00RP1.EXE

c:\arquiv~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

c:\windows\system32\inetsrv\inetinfo.exe

c:\arquivos de programas\Java\jre7\bin\jqs.exe

c:\arquiv~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe

c:\arquiv~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

c:\windows\system32\HPZipm12.exe

c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

c:\windows\System32\snmp.exe

c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

c:\windows\system32\SAgent4.exe

c:\arquiv~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

.

**************************************************************************

.

Tempo para conclusão: 2012-10-23 01:59:14 - Máquina reiniciou

ComboFix-quarantined-files.txt 2012-10-23 03:59

ComboFix2.txt 2012-08-03 20:26

.

Pré-execução: 5.301.485.568 bytes disponíveis

Pós execução: 5.302.812.672 bytes disponíveis

.

- - End Of File - - 54E33EB6954A1765D39735A2E03E06D1


OK...

Don't worry about the programs that were used. We will remove everything afterwards.

There are still a few adjustments to make.

:seta: Download the Farbar Service Scanner (...by Farbar) and save it to the Desktop

*Run it.


 

*Select all the options

*Click [scan]

*Paste the FSS.txt report located on the desktop


here is the latest log:

 

Farbar Service Scanner Version: 19-10-2012

Ran by PC101 (administrator) on 23-10-2012 at 02:14:43

Running from "C:\Documents and Settings\PC101\Desktop"

Microsoft Windows XP Professional Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Security Center:

============

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy:

============================

 

 

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll

[2004-08-04 01:45] - [2006-05-19 11:23] - 0111616 ____A (Microsoft Corporation) 547538C3A06D74A5D004C751A81274D7

 

C:\WINDOWS\system32\Drivers\afd.sys

[2004-08-04 00:14] - [2008-08-14 07:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

 

C:\WINDOWS\system32\Drivers\netbt.sys

[2004-08-04 00:14] - [2004-08-04 00:14] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

 

C:\WINDOWS\system32\Drivers\tcpip.sys

[2004-08-04 00:14] - [2008-06-20 08:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9

 

C:\WINDOWS\system32\Drivers\ipsec.sys

[2004-08-04 00:14] - [2004-08-04 00:14] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

 

C:\WINDOWS\system32\dnsrslvr.dll

[2004-08-04 01:45] - [2008-02-20 03:37] - 0045568 ____A (Microsoft Corporation) 8545D5CD76F8549AAF7140ADE32A1C50

 

C:\WINDOWS\system32\ipnathlp.dll

[2004-08-04 01:45] - [2004-08-04 01:45] - 0331264 ____A (Microsoft Corporation) FC6D4B9733F88A20ACA9062E87543139

 

C:\WINDOWS\system32\netman.dll

[2004-08-04 01:45] - [2005-08-22 16:34] - 0197632 ____A (Microsoft Corporation) 8F69BA68EFA010E92190167477037FFD

 

C:\WINDOWS\system32\wbem\WMIsvc.dll

[2012-01-12 17:29] - [2004-08-04 01:45] - 0145408 ____A (Microsoft Corporation) A41FFF6723695E4862CDDCEB9F2666C2

 

C:\WINDOWS\system32\srsvc.dll

[2012-01-12 17:30] - [2004-08-04 01:45] - 0171008 ____A (Microsoft Corporation) 0B1D7BF8EB2BC685D154CB925F3629CB

 

C:\WINDOWS\system32\Drivers\sr.sys

[2012-01-12 17:30] - [2004-08-04 01:41] - 0073472 ____A (Microsoft Corporation) CFA635CF7E75E4EB98FBC164E3583111

 

C:\WINDOWS\system32\wscsvc.dll

[2004-08-04 01:45] - [2004-08-04 01:45] - 0081408 ____A (Microsoft Corporation) CE1E1B256F73D49C1A76E4F2721DC8CC

 

C:\WINDOWS\system32\wbem\WMIsvc.dll

[2012-01-12 17:29] - [2004-08-04 01:45] - 0145408 ____A (Microsoft Corporation) A41FFF6723695E4862CDDCEB9F2666C2

 

C:\WINDOWS\system32\wuauserv.dll

[2012-01-12 17:30] - [2004-08-04 01:45] - 0006656 ____A (Microsoft Corporation) 3A494ADAAF9D02DCD0894CEDD03B73C1

 

C:\WINDOWS\system32\qmgr.dll

[2012-01-12 17:30] - [2004-08-04 01:45] - 0382464 ____A (Microsoft Corporation) C1AA680B70BD0771A0850E04C3E634A5

 

C:\WINDOWS\system32\es.dll

[2004-08-04 01:45] - [2008-07-07 18:31] - 0253952 ____A (Microsoft Corporation) C8FDAFC91302E9E905182EC6A2D1612A

 

C:\WINDOWS\system32\cryptsvc.dll

[2004-08-04 01:45] - [2004-08-04 01:45] - 0060416 ____A (Microsoft Corporation) 7836E32505D817311E8F8384A18C1128

 

C:\WINDOWS\system32\svchost.exe

[2004-08-04 01:45] - [2004-08-04 01:45] - 0014336 ____A (Microsoft Corporation) 5DE3E7B6F7624552F2F06664F110820D

 

C:\WINDOWS\system32\rpcss.dll

[2004-08-04 01:45] - [2009-02-09 08:19] - 0399360 ____A (Microsoft Corporation) 2CB8373AC68E387BDF5472CB7AF347EF

 

C:\WINDOWS\system32\services.exe

[2004-08-04 01:45] - [2009-02-09 08:08] - 0111104 ____A (Microsoft Corporation) 96D7D86D3AA68A57BBE835441DC23107

 

 

Extra List:

=======

aswTdi(8) ctredr15.sys(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)

0x080000000500000001000000020000000300000004000000080000000600000007000000

IpSec Tag value is correct.

 

**** End of log ****


OK... let's clean up the PC and then move on to the finishing steps.

:seta: Download DelFix (...by Xplode) and save it to the desktop

*Run it.

 


 

*Click [suppression]

*Paste the report that is shown


here it is:

 

 

# DelFix v9.0 - Rapport créé le 23/10/2012 à 05:49:00

# Mis à jour le 23/09/12 par Xplode

# Système d'exploitation : Microsoft Windows XP Service Pack 2 (32 bits)

# Nom d'utilisateur : PC101 - PC100 (Administrateur)

# Exécuté depuis : C:\Documents and Settings\PC101\Desktop\delfix.exe

# Option [suppression]

 

 

~~~~~~ Dossiers(s) ~~~~~~

 

Supprimé : C:\Qoobox

Supprimé : C:\_OTL

 

~~~~~~ Fichier(s) ~~~~~~

 

Supprimé : C:\AdwCleaner[R1].txt

Supprimé : C:\AdwCleaner[R2].txt

Supprimé : C:\AdwCleaner[s1].txt

Supprimé : C:\AdwCleaner[s2].txt

Supprimé : C:\AdwCleaner[s3].txt

Supprimé : C:\ComboFix.txt

Supprimé : C:\Documents and Settings\PC101\Desktop\AdwCleaner.exe

Supprimé : C:\Documents and Settings\PC101\Desktop\ComboFix.exe

Supprimé : C:\Documents and Settings\PC101\Desktop\Extras.Txt

Supprimé : C:\Documents and Settings\PC101\Desktop\FSS.exe

Supprimé : C:\Documents and Settings\PC101\Desktop\FSS.txt

Supprimé : C:\Documents and Settings\PC101\Desktop\HijackThis.exe

Supprimé : C:\Documents and Settings\PC101\Desktop\hijackthis.log

Supprimé : C:\Documents and Settings\PC101\Desktop\OTL.Txt

Supprimé : C:\Documents and Settings\PC101\Desktop\OTL.exe

Supprimé : C:\WINDOWS\grep.exe

Supprimé : C:\WINDOWS\PEV.exe

Supprimé : C:\WINDOWS\NIRCMD.exe

Supprimé : C:\WINDOWS\MBR.exe

Supprimé : C:\WINDOWS\SED.exe

Supprimé : C:\WINDOWS\SWREG.exe

Supprimé : C:\WINDOWS\SWSC.exe

Supprimé : C:\WINDOWS\SWXCACLS.exe

Supprimé : C:\WINDOWS\Zip.exe

 

~~~~~~ Registre ~~~~~~

 

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ZHP

Clé Supprimée : HKLM\SOFTWARE\OldTimer Tools

Clé Supprimée : HKLM\SOFTWARE\AdwCleaner

Clé Supprimée : HKLM\SOFTWARE\Soeperman Enterprises Ltd.

Clé Supprimée : HKLM\SOFTWARE\Swearware

Clé Supprimée : HKLM\SOFTWARE\TrendMicro\Hijackthis

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hijackthis

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

 

~~~~~~ Autres ~~~~~~

 

-> Prefetch Vidé

 

*************************

 

DelFix[s1].txt - [2190 octets] - [23/10/2012 05:49:00]

 

########## EOF - C:\DelFix[s1].txt - [2314 octets] ##########


PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
